Monitor External Accounts with Write Permissions

More Info:

Ensure that the external accounts with write permissions are monitored using Azure Security Center.

Risk Level

Medium

Address

Security, Operational Maturity

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

The following are the step-by-step instructions to remediate the “Monitor External Accounts with Write Permissions” misconfiguration in Azure using Azure CLI:

Open the Azure CLI on your local machine or Azure Cloud Shell.
Run the following command to list all the external accounts with write permissions in your subscription:
```
az monitor activity-log list --query "[?category=='Administrative' and operationName.value=='Microsoft.Authorization/roleAssignments/write' and authorization.scope=='/subscriptions/{subscriptionId}'].caller"
```
This command will return a list of all the external accounts with write permissions in your subscription.
Review the list of external accounts and identify any that should not have write permissions.
Run the following command to remove write permissions for an external account:
```
az role assignment delete --assignee <external-account-id> --role <role-name> --scope /subscriptions/{subscriptionId}
```
Replace <external-account-id> with the ID of the external account you want to remove write permissions for, and <role-name> with the name of the role that grants write permissions.
Repeat step 4 for any other external accounts that should not have write permissions.
Run the command from step 2 again to confirm that all external accounts with write permissions have been removed.
Monitor your subscription for any unauthorized write activity and investigate any suspicious activity.

By following these steps, you can remediate the “Monitor External Accounts with Write Permissions” misconfiguration in Azure using Azure CLI.

Using Python

To remediate the misconfiguration “Monitor External Accounts with Write Permissions” in Azure using Python, you can follow the below steps:Step 1: Install the Azure SDK for Python using the pip command.

pip install azure

Step 2: Authenticate with Azure using the Azure CLI or by providing the credentials in code.

from azure.common.credentials import UserPassCredentials
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.resource import ResourceManagementClient

# Replace the values with your own
subscription_id = 'SUBSCRIPTION_ID'
username = 'USERNAME'
password = 'PASSWORD'
tenant_id = 'TENANT_ID'

credentials = UserPassCredentials(username, password, tenant_id)
monitor_client = MonitorManagementClient(
    credentials,
    subscription_id
)
resource_client = ResourceManagementClient(
    credentials,
    subscription_id
)

Step 3: Get the list of external accounts with write permissions.

# Get the list of external accounts with write permissions
external_accounts = monitor_client.external_monitoring_configurations.list_by_subscription()

external_accounts_with_write_permissions = []
for account in external_accounts:
    if account.enabled and account.type == 'Azure' and account.write_access_enabled:
        external_accounts_with_write_permissions.append(account)

Step 4: Disable write permissions for the external accounts.

# Disable write permissions for the external accounts
for account in external_accounts_with_write_permissions:
    account.write_access_enabled = False
    monitor_client.external_monitoring_configurations.create_or_update(
        resource_group_name=account.resource_group_name,
        configuration_name=account.name,
        parameters=account
    )

By following these steps, you can remediate the “Monitor External Accounts with Write Permissions” misconfiguration in Azure using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Monitor External Accounts with Write Permissions

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation